Lucene search
K
SusecveMost viewed

59380 matches found

SUSE CVE
SUSE CVE
added 2026/06/07 4:51 a.m.17 views

SUSE CVE-2026-10885

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00374EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/03 2:36 a.m.17 views

SUSE CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

7.5CVSS7AI score0.00569EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/03 2:24 a.m.17 views

SUSE CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.17 views

SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

7.5CVSS5.7AI score0.00295EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/02 1:44 a.m.17 views

SUSE CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

5.3CVSS6.1AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:42 a.m.17 views

SUSE CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

7.5CVSS5.9AI score0.00248EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/30 2:26 a.m.17 views

SUSE CVE-2024-43513

unknown...

6.4CVSS5.7AI score0.00631EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.17 views

SUSE CVE-2026-9879

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:19 a.m.17 views

SUSE CVE-2026-9885

Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.17 views

SUSE CVE-2026-9915

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00246EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.17 views

SUSE CVE-2026-9918

Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.17 views

SUSE CVE-2026-9923

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00253EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:18 a.m.17 views

SUSE CVE-2026-9927

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.17 views

SUSE CVE-2026-9931

Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:17 a.m.17 views

SUSE CVE-2026-9947

Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.17 views

SUSE CVE-2026-10005

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00261EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.17 views

SUSE CVE-2026-10008

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.17 views

SUSE CVE-2026-10009

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.3AI score0.00221EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.17 views

SUSE CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00185EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:15 a.m.17 views

SUSE CVE-2026-10020

Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00198EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:7 a.m.17 views

SUSE CVE-2026-40510

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in pivprocesshistory in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longe...

3.8CVSS6AI score0.00216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:6 a.m.17 views

SUSE CVE-2026-42534

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potentia...

5.9CVSS5.7AI score0.00519EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/30 2:6 a.m.17 views

SUSE CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

5.9CVSS5.8AI score0.00339EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/29 1:27 a.m.17 views

SUSE CVE-2025-34525

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:24 a.m.17 views

SUSE CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS5.8AI score0.00406EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/05/29 1:23 a.m.17 views

SUSE CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

7.5CVSS5.8AI score0.01387EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.17 views

SUSE CVE-2026-46134

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: Init mutex in Thunderbolt registration crostypecregisterthunderbolt missed initializing the adata-lock mutex. This leads to a NULL dereference when the mutex is later acquired e.g. in...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.17 views

SUSE CVE-2026-46139

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

4.3CVSS5.9AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.17 views

SUSE CVE-2026-46145

In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow...

7CVSS5.9AI score0.00142EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.17 views

SUSE CVE-2026-46148

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically operated by the hardware - set low when the transmit buffer first gets written to and set high when...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.17 views

SUSE CVE-2026-46161

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.17 views

SUSE CVE-2026-46163

In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacyrx can exceed dev-maxnrkeys. The existing B43legacyWARNON is non-enforcing in production builds...

5.5CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.17 views

SUSE CVE-2026-46168

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.17 views

SUSE CVE-2026-46171

In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc hostcontext.vector.datap fails in kvmriscvvcpuallocvectorcontext, the first allocation guestcontext.vector.datap is leaked. Free it before returning...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.17 views

SUSE CVE-2026-46211

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...

6.6CVSS5.9AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.17 views

SUSE CVE-2026-46221

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal path. deviceregister copies initname and then sets dev-initname to...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 4:1 a.m.17 views

SUSE CVE-2025-71303

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpmon When autosuspend is triggered, driver rpmon flag is set to indicate that a suspend/resume is already in progress. However, when a userspace application submits a command durin...

4.7CVSS5.8AI score0.00102EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 4:1 a.m.17 views

SUSE CVE-2025-71311

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longestmatchstd, invoked from ntfscompresswrite. When new folios are allocated without being marked uptodate and nireadframe is skipped because th...

5.5CVSS5.7AI score0.00155EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:59 a.m.17 views

SUSE CVE-2026-34303

unknown...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.17 views

SUSE CVE-2026-44169

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.2AI score0.00161EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/28 3:57 a.m.17 views

SUSE CVE-2026-45867

In the Linux kernel, the following vulnerability has been resolved: power: supply: act8945a: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the powersupply handle, means that the powersupply handle will be...

5.7AI score0.00164EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.17 views

SUSE CVE-2026-45989

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrvprobe The function testdrvprobe retrieves the devicenode from the PCI device, applies an overlay, and then immediately calls ofnodeputdn. This releases the reference held by the PCI core...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.17 views

SUSE CVE-2026-46002

In the Linux kernel, the following vulnerability has been resolved: ext2: reject inodes with zero inlink and valid mode in ext2iget ext2iget already rejects inodes with inlink == 0 when imode is zero or idtime is set, treating them as deleted. However, the case of inlink == 0 with a non-zero mode...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 12:59 p.m.17 views

SUSE CVE-2026-9503

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been releas...

4.8CVSS5.4AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:58 a.m.17 views

SUSE CVE-2026-9504

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bitconvertTU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public...

4.8CVSS5.3AI score0.00176EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.17 views

SUSE CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

4.4CVSS5.8AI score0.00239EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/27 2:53 a.m.17 views

SUSE CVE-2026-2340

A flaw was found in Samba's vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00939EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/27 2:53 a.m.17 views

SUSE CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

10CVSS6.4AI score0.12797EPSS
Exploits7References15
SUSE CVE
SUSE CVE
added 2026/05/27 2:48 a.m.17 views

SUSE CVE-2026-41046

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...

7.3CVSS5.9AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/24 1:13 a.m.17 views

SUSE CVE-2022-50250

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix usecount leakage when handling boot-on I found a usecount leakage towards supply regulator of rdev with boot-on option. ───────────────────┐ ───────────────────┐ | regulatordev A | | regulatordev B | | boot-o...

5.5CVSS5.9AI score0.00147EPSS
Exploits0References7
Total number of security vulnerabilities5000